11 Mar 2016

You need a Disaster Recovery plan that includes Cyber Attacks

IT is all around us, in work and at home and it is the tool that keeps us open for business. With the increasing threat of cyber attacks continuing in 2016, and the more recent not only affecting PCs but also targeting Apple Macs; SMEs need to not only consider how they can lessen the chance of being attacked, but also how to reduce the impact and the recovery time if they are.

Businesses are all too aware of their weaker areas. The 2016 Risk:Value Report from NTT Com Security surveyed business decision makers in the UK and identified that the top three current concerns are:

Poor information security: This can leave businesses open to an attack.

Competitors taking their market share: This can happen if your reputation is tarnished after an attack.

Lack of employee skills in key areas: If this gap is in IT, it will take you longer to recover from the attack.

67% of respondents believe that it would take their organisation longer than one week to recover from a security breach and it was more likely to take around 8 weeks to fully recover!

Security is at the centre of all of these and a major concern. Further to this, Kaspersky, a leading provider of internet security and antivirus software in the UK, has also produced a Damage Control: The cost of security breaches report that has identified the average cost of recovering from a breach for an SME is £26,000. Whilst there is cost associated with brand damage for this market, the larger impact is from the loss of access and functionality of IT systems.

With any business at risk of an attack, and as we always say, its not if but when; you need to make sure you can recover to the best of your ability, as quickly as possible. As we mentioned in our security blog last month, your first focus should be your security, but in conjunction with this, you need to think about how you recover if you do suffer an attack and get back to normal ASAP. After all, how long will your clients wait whilst you are temporarily shut down?

We have all heard of disaster recovery and we often think of disasters as situations such as a fire, floods, explosions and power failure. However, a disaster is anything that seriously disrupts the functioning of your business and you need to add cyber attacks to your planning – identify how you recover from a breach as unfortunately, the risks of attack keep growing and the types of attacks keep evolving.

Understand the Impact to your Business

Firstly you need to determine the potential impact of an attack to your critical business systems and the risks associated with this. From this, you need to identify how you would best manage it and prioritise the tasks in a plan. As part of this, you need to break down the types/levels of attack rather than just developing one plan for all the possible scenarios. This should include step-by-step process to best manage people, physical facilities, technology, data, suppliers, policies and procedures.

The areas many businesses will prioritise are backups, Internet connectivity, remote access, the use of personal devices and telephony to get the business up and running on a basic level.

But you also need to be dealing with the attack itself. If a virus/malware is attacking your IT system, you will need IT experts with forensic experience to help remove this. A word of advice – if you are suffering a Ransomware (the type of malware that asks for money to release your data) attack, don’t pay – the hackers will only try again once they know you will pay out and often, you will not receive your data back or you will receive your data but the hacker will also make it available to others.

Make sure you have an Incident Response Plan

At a high level, you need a plan in place to detect, contain, eradicate and recover. You need to get some form of positive from an attack, so make sure you learn from it and enhance your processes so the same thing doesn’t happen again.

You need to cover these basics in your plan:

How are you going to gain control of a security breach and recover?

What do you define as an acceptable recovery (data recovered and recovery time)?

What is the process for reporting incidents and communicating this to employees?

How are you going to raise security awareness to employees and maintain regular communications so it is on their radar?

How are you going to manage and communicate security policies?

Who is responsible for the above and can manage the communication with employees, clients and suppliers?

Many businesses are turning to the Cloud

Tapes, CDs, USB sticks and external hard drives are still popular tools to back up data for many SMEs. However, more businesses are looking to Cloud solutions to help provide fast, reliable and secure DR services cost effectively. We expect this uptake to accelerate substantially because of the growth of cyber, data and the digital economy and recommend that you consider Cloud as an option.

Regular checks you should have in place

We recommend you regularly check the following to help keep your business safe:

  1. Passwords: Check that any devices that access business data are protected by strong passwords. If your employees use their own devices, make sure they implement this precaution.
  2. Attachments: Virus enabled emails, web-links/downloads and USB sticks are customary channels used against businesses today. Make sure your anti-virus and firewall are running the most current versions, which are updated to identify many of the most current suspicious-looking items.
  3. Employees: Make sure everyone knows on how to stay safe online; including how to use strong passwords, spot suspect emails or sites, and protect company information.
  4. Back-up: Every day make sure the information you store on computers is backed-up and secure. Imagine how your business would cope if you had to get through the day without it. Make sure the back-up is fully running and that storage isn’t at capacity. Also, don’t keep your back-up data in the same building as your IT system.
  5. Software: Take full advantage of any user-friendly Internet security software that that has been specially created for small firms to secure multiple devices.
  6. Test & Review: When you have your back up and DR in place, make sure you review it on a monthly basis to take into account such things as new software, more storage, number of employees and latest attacks. Test the procedures you have in place too.

Do you have a disaster recovery plan in place? Could you manage the recovery yourself or would you need help? Click here and we will be in touch to discuss this further with you.